Shibarium Bridge remains suspended in aftermath of $2.4M Exploit

ByBilal Ahmed
Shibarium Bridge remains suspended in aftermath of $2.4M Exploit

TL;DR Breakdown

  • Developer Kaal Dhairya confirms Shibarium-Ethereum bridge remains suspended to prevent unauthorized exits.
  • The September 12 breach saw the attacker escape with $2.3M worth of crypto, part of which they recently sold
  • With investigations pending, it is unclear when or if the stolen funds will be recovered.

Shib developer Kaal Dhairye made a blog post giving a much-needed update regarding the Shibarium-Ethereum bridge exploit. He discussed the attack, as well as the investigations and the steps the team is taking to prevent further exploits and explore recovery avenues.

Shibarium Bridge Security Breach

On September 12, an attacker used a flash loan to purchase 4.6M BONE tokens, acquiring unauthorized validator signing power. The attacker then used the majority voting power to push a “malicious state/exit” and withdrew multiple assets from Shibarium Bridge, including ETH, ROAR, and SHIB, totalling around $2.4 million.

Dhairye stated that the investigation is still pending on both the team’s end as well as open-source intelligence (OSINT) researchers regarding the attack. However, some details were not shared as the team seeks to prevent further exploitation before publishing their findings.

Aftermath

Dhairye revealed that steps were taken to stop any further exploits, including suspension of the Shibarium-Ethereum bridge, preventing transfer of crypto back to the main network. The team has also upgraded and gated paths that could have been exploited and added safeguards to prevent further abuse of delegated stake.

The BONE tokens were seized, and at-risk tokens were secured at the “stake-manager” level, essentially immobilizing the attackers’ short-term stake.

The team is currently monitoring attacker addresses and flows and has set up automated alerts and notifications to partners and cryptocurrency exchanges to prevent the sale of further stolen crypto.

Dhairye revealed that several OSINT researchers were working to investigate and monitor the situation, who will publish their findings independently, while the team continues to secure the network before exploring recovery avenues.

What is next for Shibarium Bridge?

Dhairye shared the team’s roadmap without providing technical details. The roadmap’s Phase A includes maintaining bridge restrictions and monitoring in coordination with law enforcement and exchange platforms. On the other hand, future phases include complete protective overhauls and network sweeps followed by independent reviews and integrity checks before re-enablement. Only then does the team plan on publishing a “full technical postmortem” of Shibarium Bridge and remediation path for affected users.

Similar Posts